[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 19 20:12:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
884a9d76 by security tracker role at 2025-02-19T20:12:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,105 @@
+CVE-2025-27089 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2025-24965 (crun is an open source OCI Container Runtime fully written in C. In af ...)
+ TODO: check
+CVE-2025-24806 (Authelia is an open-source authentication and authorization server pro ...)
+ TODO: check
+CVE-2025-20211 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ TODO: check
+CVE-2025-20158 (A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco ...)
+ TODO: check
+CVE-2025-20153 (A vulnerability in the email filtering mechanism of Cisco Secure Email ...)
+ TODO: check
+CVE-2025-1465 (A vulnerability, which was classified as problematic, was found in lmx ...)
+ TODO: check
+CVE-2025-1464 (A vulnerability, which was classified as critical, has been found in B ...)
+ TODO: check
+CVE-2025-1426 (Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0 ...)
+ TODO: check
+CVE-2025-1135 (A vulnerability exists in ChurchCRM5.13.0. and prior that allows an at ...)
+ TODO: check
+CVE-2025-1134 (A vulnerability exists in ChurchCRM5.13.0 and prior that allows an att ...)
+ TODO: check
+CVE-2025-1133 (A vulnerability exists in ChurchCRM 5.13.0 and priorthat allows an att ...)
+ TODO: check
+CVE-2025-1132 (A time-based blind SQL Injectionvulnerability exists in the ChurchCRM ...)
+ TODO: check
+CVE-2025-1075 (Insertion of Sensitive Information into Log File in Checkmk GmbH's Che ...)
+ TODO: check
+CVE-2025-1024 (A vulnerability exists in ChurchCRM 5.13.0that allows an attacker to e ...)
+ TODO: check
+CVE-2025-1007 (In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace} ...)
+ TODO: check
+CVE-2025-1006 (Use after free in Network in Google Chrome prior to 133.0.6943.126 all ...)
+ TODO: check
+CVE-2025-0999 (Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 al ...)
+ TODO: check
+CVE-2025-0968 (The ElementsKit Elementor addons plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-0916 (The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Br ...)
+ TODO: check
+CVE-2025-0893 (Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptibl ...)
+ TODO: check
+CVE-2024-53974 (Adobe Experience Manager versions 6.5.21 and earlier are affected by a ...)
+ TODO: check
+CVE-2024-52902 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-52541 (Dell Client Platform BIOS contains a Weak Authentication vulnerability ...)
+ TODO: check
+CVE-2024-45084 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-45081 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-28780 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-28777 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-28776 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2024-13534 (The Small Package Quotes \u2013 Worldwide Express Edition plugin for W ...)
+ TODO: check
+CVE-2024-13533 (The Small Package Quotes \u2013 USPS Edition plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-13491 (The Small Package Quotes \u2013 For Customers of FedEx plugin for Word ...)
+ TODO: check
+CVE-2024-13489 (The LTL Freight Quotes \u2013 Old Dominion Edition plugin for WordPres ...)
+ TODO: check
+CVE-2024-13485 (The LTL Freight Quotes \u2013 ABF Freight Edition plugin for WordPress ...)
+ TODO: check
+CVE-2024-13483 (The LTL Freight Quotes \u2013 SAIA Edition plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-13481 (The LTL Freight Quotes \u2013 R+L Carriers Edition plugin for WordPres ...)
+ TODO: check
+CVE-2024-13479 (The LTL Freight Quotes \u2013 SEFL Edition plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-13478 (The LTL Freight Quotes \u2013 TForce Edition plugin for WordPress is v ...)
+ TODO: check
+CVE-2024-13364 (The Raptive Ads plugin for WordPress is vulnerable to unauthorized acc ...)
+ TODO: check
+CVE-2024-13363 (The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross- ...)
+ TODO: check
+CVE-2024-13339 (The DeBounce Email Validator plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2024-13336 (The Disable Auto Updates plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2024-13231 (The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for Wo ...)
+ TODO: check
+CVE-2023-51299 (PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection i ...)
+ TODO: check
+CVE-2023-51298 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection ...)
+ TODO: check
+CVE-2023-51297 (A lack of rate limiting in the 'Email Settings' feature of PHPJabbers ...)
+ TODO: check
+CVE-2023-51296 (PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scr ...)
+ TODO: check
+CVE-2023-51293 (A lack of rate limiting in the 'Forgot Password', 'Email Settings' fea ...)
+ TODO: check
+CVE-2023-47160 (IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11. ...)
+ TODO: check
+CVE-2023-46272 (Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10. ...)
+ TODO: check
+CVE-2023-46271 (Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 1 ...)
+ TODO: check
CVE-2025-26624 (Rufus is a utility that helps format and create bootable USB flash dri ...)
NOT-FOR-US: Rufus
CVE-2025-26617 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
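Review bot: all 51 new entries are left at TODO: check, but a few map to packages Debian ships and should be triaged ahead of the vendor-only ones. The three Chrome entries belong on the chromium source package: CVE-2025-1006 and CVE-2025-0999 are described as fixed upstream before 133.0.6943.126, while CVE-2025-1426 is described as "Google Chrome on Android", so it may end up not-affected for the Linux build; CVE-2025-24965 (crun) needs a crun package line with the fixed version once checked. The Cisco, IBM Cognos Controller, Dell BIOS, Adobe Experience Manager, Symantec, PHPJabbers, ChurchCRM and WordPress-plugin entries will almost certainly resolve to NOT-FOR-US, following the convention of the unchanged CVE-2025-26624 line (NOT-FOR-US: Rufus) just below. The typos in the descriptions ("ChurchCRM5.13.0.", "priorthat", "Injectionvulnerability") and the literal \u2013 escapes come from the upstream CVE text; this commit itself shows descriptions being rewritten by the automatic update, so hand-correcting them here would not stick.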
@@ -232,7 +334,7 @@ CVE-2024-56883 (Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Co
NOT-FOR-US: Sage
CVE-2024-56882 (Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS ...)
NOT-FOR-US: Sage
-CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in NotFound K Elements al ...)
+CVE-2024-56000 (Incorrect Privilege Assignment vulnerability in SeventhQueen K Element ...)
NOT-FOR-US: WordPress plugin
CVE-2024-55460 (A time-based SQL injection vulnerability in the login page of BoardRoo ...)
NOT-FOR-US: BoardRoom Limited Dividend Distribution Tax Election System
@@ -278,7 +380,7 @@ CVE-2025-1125 [fs/hfs: Interger overflow may lead to heap based out-of-bounds wr
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-1118 [commands/dump: The dump command is not in lockdown when secure boot is enabled]
+CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked when gru ...)
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
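Review bot: replacing the bracketed working title with the published description drops information the title carried. CVE-2025-1118 previously read "commands/dump: The dump command is not in lockdown when secure boot is enabled"; the truncated replacement only says the dump command is "not blocked when gru ...". Keep the affected command and the lockdown condition in a NOTE line (for example "NOTE: commands/dump: dump command not restricted under lockdown") so the entry stays searchable without opening the linked grub-devel thread. The package line remains grub2 <unfixed> (bug #1098319), consistent with the other grub2 entries in this batch.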
@@ -306,11 +408,11 @@ CVE-2025-0678 [squash4: Integer overflow may lead to heap based out-of-bounds wr
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0677 [UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks]
+CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup, the grub' ...)
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2025-0624 [net: Out-of-bounds write in grub_net_search_config_file()]
+CVE-2025-0624 (A flaw was found in grub2. During the network boot process, when tryin ...)
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
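Review bot: the old titles for CVE-2025-0677 and CVE-2025-0624 named the affected component and function (UFS symlink handling; grub_net_search_config_file() in net), and those identifiers are gone from the truncated descriptions that replace them. Because bug #1098319 and the two NOTE links are shared by every grub2 entry in this batch, per-CVE identification now rests on the description alone; add a NOTE such as "NOTE: net: out-of-bounds write in grub_net_search_config_file()" under CVE-2025-0624 and a matching "NOTE: UFS: integer overflow in symlink handling" under CVE-2025-0677 so each entry still points at the code it concerns.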
@@ -342,7 +444,7 @@ CVE-2024-45778 [fs/bfs: Integer overflow in the BFS parser]
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
-CVE-2024-45777 [grub-core/gettext: Integer overflow leads to Heap OOB Write]
+CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation buffer w ...)
- grub2 <unfixed> (bug #1098319)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
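Review bot: the same loss applies to CVE-2024-45777: the replaced title located the heap out-of-bounds write in grub-core/gettext, which the new description only implies through "translation buffer". A one-line NOTE naming grub-core/gettext would preserve that; the entry otherwise matches the sibling CVE-2024-45778 (fs/bfs) block above it, with grub2 <unfixed>, bug #1098319 and the same two references.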
@@ -605,7 +707,7 @@ CVE-2025-1392 (A vulnerability has been found in D-Link DIR-816 1.01TO and class
NOT-FOR-US: D-Link
CVE-2025-1391 (A flaw was found in the Keycloak organization feature, which allows th ...)
- keycloak <itp> (bug #1088287)
-CVE-2025-0714 (The vulnerability existed in the password storage of Mobateks MobaXter ...)
+CVE-2025-0714 (The vulnerability exists in the password storage of Mobateks MobaXterm ...)
NOT-FOR-US: Mobateks MobaXterm
CVE-2025-0001 (Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022 ...)
NOT-FOR-US: Abacus ERP
@@ -1668,7 +1770,7 @@ CVE-2025-25184 (Rack provides an interface for developing web applications in Ru
NOTE: https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A vulnerab ...)
NOT-FOR-US: Stroom
-CVE-2025-1244 (A flaw was found in the Emacs text editor. Improper handling of custom ...)
+CVE-2025-1244 (A command injection flaw was found in the text editor Emacs. It could ...)
- emacs <unfixed> (bug #1098255)
NOTE: https://debbugs.gnu.org/66390
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
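Review bot: the new description reclassifies CVE-2025-1244 as a command injection flaw rather than "improper handling of custom ...", a materially stronger claim than the previous wording. The entry still reads emacs <unfixed> (bug #1098255) even though the upstream fix, commit 820f0793f0b46448928905552726c1f1b999062f, is already recorded in the NOTE line, so it is a candidate for recording the fixed Debian version as soon as an upload carrying that commit lands.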
@@ -184903,7 +185005,7 @@ CVE-2022-46299 (Insufficient control flow management for some Intel Unison softw
CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a privileg ...)
NOT-FOR-US: Intel
CVE-2022-46283
- RESERVED
+ REJECTED
CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...)
NOT-FOR-US: CX-Drive
CVE-2022-45469 (Improper input validation for some Intel Unison software may allow an ...)
@@ -333062,8 +333164,8 @@ CVE-2021-20066 (JSDom improperly allows the loading of local resources, which al
NOTE: https://github.com/jsdom/jsdom/issues/3124
CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...)
NOT-FOR-US: Mitel
-CVE-2020-35546
- RESERVED
+CVE-2020-35546 (Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access ...)
+ TODO: check
CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string.)
- spotweb <removed> (bug #977719)
[buster] - spotweb <no-dsa> (Minor issue)
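Review bot: CVE-2020-35546 moves from RESERVED to a Lexmark MX6500 firmware description but is left at TODO: check. The tracker already records Lexmark device CVEs as NOT-FOR-US: Lexmark (CVE-2020-10094 and CVE-2020-10093 appear with that status further down in this same commit), so this entry and the two other Lexmark entries republished here, CVE-2020-13481 and CVE-2020-10095, can be closed as NOT-FOR-US: Lexmark in the follow-up triage rather than remaining open.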
@@ -371222,7 +371324,7 @@ CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.
NOT-FOR-US: Loway QueueMetrics
CVE-2020-15946
RESERVED
-CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...)
+CVE-2020-15945 (Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ...)
- lua5.4 5.4.1-1
- lua5.3 <not-affected> (Specific to 5.4)
- lua5.2 <not-affected> (Specific to 5.4)
@@ -378158,8 +378260,8 @@ CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows X
NOT-FOR-US: Bitrix24
CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
NOT-FOR-US: EM-HTTP-Request
-CVE-2020-13481
- RESERVED
+CVE-2020-13481 (Certain Lexmark products through 2020-05-25 allow XSS which allows an ...)
+ TODO: check
CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
NOT-FOR-US: Verint Workforce Optimization (WFO)
CVE-2020-13479
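Review bot: CVE-2020-13481 is another Lexmark entry moved from RESERVED to TODO: check; its description ("Certain Lexmark products through 2020-05-25 allow XSS") concerns device firmware, so resolve it as NOT-FOR-US: Lexmark in line with the other Lexmark device entries in the file.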
@@ -388537,8 +388639,8 @@ CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respon
- zammad <itp> (bug #841355)
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
- zammad <itp> (bug #841355)
-CVE-2020-10095
- RESERVED
+CVE-2020-10095 (Various Lexmark devices have CSRF that allows an attacker to modify th ...)
+ TODO: check
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
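Review bot: CVE-2020-10095 sits directly above CVE-2020-10094 and CVE-2020-10093, both already marked NOT-FOR-US: Lexmark, and its description ("Various Lexmark devices have CSRF") covers the same class of device; the TODO: check here should be resolved as NOT-FOR-US: Lexmark rather than left for a separate pass.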
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/884a9d76acc3ccd05f6699dcf12c2dd529862413